- Vulnerability/
- CVE-2024-2193
12/3/2024
15/3/2024
20/5/2024
29/10/2024
CVE-2024-2193: Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
First published: Tue Mar 12 2024(Updated: )
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Next | >=20.0.1<=20.1.0 | |
| F5 BIG-IP Next Central Manager | >=20.0.1<=20.2.0 | |
| F5 BIG-IP | >=17.1.0<=17.1.1 | |
| F5 BIG-IP | >=16.1.0<=16.1.4 | |
| F5 BIG-IP | >=15.1.0<=15.1.10 | |
| F5 BIG-IQ Centralized Management | >=8.1.0<=8.3.0 | |
| F5 F5OS-A | =1.7.0>=1.5.1<=1.5.2 | |
| F5 F5OS-C | >=1.6.0<=1.6.2 | |
| F5 Traffix SDC | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/03/13/patch_tuesday_march_2024/
- http://www.openwall.com/lists/oss-security/2024/03/12/14
- https://download.vusec.net/papers/ghostrace_sec24.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23
- https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace
- https://kb.cert.org/vuls/id/488902
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
- https://www.kb.cert.org/vuls/id/488902
- https://www.vusec.net/projects/ghostrace/
- https://xenbits.xen.org/xsa/advisory-453.html
- https://my.f5.com/manage/s/article/K000139682
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-2193
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-21407
- alias/CVE-2024-21408
- alias/CVE-2024-21334
- alias/CVE-2024-21400
- alias/CVE-2023-32666
- alias/CVE-2023-32282
- alias/CVE-2023-20214
- alias/CVE-2024-20337
- alias/CVE-2024-0039
- alias/CVE-2024-23717
- alias/CVE-2023-42789
- alias/CVE-2023-42790
- alias/CVE-2023-48788
- alias/CVE-2023-47534
- alias/CVE-2023-36554
- alias/CVE-2024-23112
- alias/CVE-2023-46717
- agent/title
- agent/type
- agent/description
- agent/news-ai
- agent/author
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- collector/f5-advisory
- source/F5
- agent/software-canonical-lookup
- agent/severity
- agent/softwarecombine
- agent/last-modified-date
- agent/event
- agent/references
- agent/tags
- vendor/f5
- canonical/f5 big-ip next
- version/f5 big-ip next/20.0.1
- version/f5 big-ip next/20.1.0
- canonical/f5 big-ip next central manager
- version/f5 big-ip next central manager/20.0.1
- version/f5 big-ip next central manager/20.2.0
- canonical/f5 big-ip
- version/f5 big-ip/17.1.0
- version/f5 big-ip/17.1.1
- version/f5 big-ip/16.1.0
- version/f5 big-ip/16.1.4
- version/f5 big-ip/15.1.0
- version/f5 big-ip/15.1.10
- canonical/f5 big-iq centralized management
- version/f5 big-iq centralized management/8.1.0
- version/f5 big-iq centralized management/8.3.0
- canonical/f5 f5os-a
- version/f5 f5os-a/1.7.0
- version/f5 f5os-a/1.5.1
- version/f5 f5os-a/1.5.2
- canonical/f5 f5os-c
- version/f5 f5os-c/1.6.0
- version/f5 f5os-c/1.6.2
- canonical/f5 traffix sdc
- version/f5 traffix sdc/5.2